When It Comes to Email Security, Healthcare Orgs Must Stay Vigilant

Ryan has been a magazine and newspaper editor for 18 years, with the last 12 covering a variety of bases for CDW’s family of tech magazines. As Editor in Chief, he works on developing editorial strategy and is always on the lookout for new writing talent and sharing great stories with the IT world. In his spare time, Ryan enjoys spending time with his family, biking and obsessively following Iowa Hawkeye sports and Cubs baseball.

By and large, security persists as a major area of concern for the healthcare industry. According to the 2019 HIMSS Cybersecurity Survey, 82 percent of hospital respondents and 64 percent of nonacute providers reported that, over a 12-month span, they had experienced a “significant security incident.”

Twenty-seven percent of hospitals said that online scam artists employing phishing tactics targeted business email accounts. What’s more, in Q4 2018, healthcare organizations were targets for email fraud attacks 473 percent more often than in Q1 2017, according to Proofpoint’s “Email Fraud in Healthcare 2019 Report.” A deeper dive into the latter report found that 45 percent of all email sent from healthcare-owned domains in Q4 2018 appeared “suspicious,” including the bulk of emails to employees and 42 percent sent to patients.

Additionally, recent research published on JAMA Network Open found that roughly 1 in 7 simulated phishing emails were clicked on by employees, a number the study’s authors called “notably high.” While hackers’ strategies for infiltrating target organizations’ data and IT systems continue to evolve, old-fashioned attack methods are far from obsolete.

Follow the Trends

Camarena Health in Madera County, Calif., a community healthcare provider that’s grown from three clinics to 14 over the past seven years, now uses a mixture of on-premises and cloud-based security solutions to help protect its expanding environment. Email is one of Camarena’s primary emphases, especially as it looks to address data sprawl and ensure the safekeeping of protected health data.

According to data from Mimecast’s December 2018 email security risk assessment, 1 in 350 emails to healthcare organizations was flagged as an impersonation, while 1 in 3,741 emails contained malware. Providers must make it a point to follow these trends closely and react accordingly.